BSOD - ekrn.exe

[Snotface 1]

Hi

 

NOD32 Antivirus 64-bit.

 

The latest module (20150620) seems to be causing blue screen of death errors after logging into Windows 7 after a reboot.

Did a dump trace and while it says it is a hardware failure (x00000124), the driver is ekrn.exe.

I then used Autoruns in Safe Mode to disable everything with ESET in it. Rebooted successfully. Uninstalled NOD32.

Rebooted a couple of times to make sure it was working.

I then downloaded the latest version of NOD32, using the web-installer. Installed it and allowed it to update to the latest module. When i rebooted I again got the BSOD.

 

I have uninstalled again.

Below is the analysis from my memory dump if someone can make any use of it.

 

4: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

WHEA_UNCORRECTABLE_ERROR (124)

A fatal hardware error has occurred. Parameter 1 identifies the type of error

source that reported the error. Parameter 2 holds the address of the

WHEA_ERROR_RECORD structure that describes the error conditon.

Arguments:

Arg1: 0000000000000000, Machine Check Exception

Arg2: fffffa800ddbb028, Address of the WHEA_ERROR_RECORD structure.

Arg3: 00000000bf800000, High order 32-bits of the MCi_STATUS value.

Arg4: 0000000000200401, Low order 32-bits of the MCi_STATUS value.

 

Debugging Details:

------------------

 

 

BUGCHECK_STR:  0x124_GenuineIntel

 

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

 

PROCESS_NAME:  ekrn.exe

 

CURRENT_IRQL:  f

 

STACK_TEXT:  

fffff880`009bbb58 fffff800`03c05a3b : 00000000`00000124 00000000`00000000 fffffa80`0ddbb028 00000000`bf800000 : nt!KeBugCheckEx

fffff880`009bbb60 fffff800`03794c33 : 00000000`00000001 fffffa80`0dc11d30 00000000`00000000 fffffa80`0dc11d80 : hal!HalBugCheckSystem+0x1e3

fffff880`009bbba0 fffff800`03c05700 : 00000000`00000728 fffffa80`0dc11d30 fffff880`009bbf30 fffff880`009bbf00 : nt!WheaReportHwError+0x263

fffff880`009bbc00 fffff800`03c05052 : fffffa80`0dc11d30 fffff880`009bbf30 fffffa80`0dc11d30 00000000`00000000 : hal!HalpMcaReportError+0x4c

fffff880`009bbd50 fffff800`03c04f0d : 00000000`00000008 00000000`00000001 fffff880`009bbfb0 00000000`00000000 : hal!HalpMceHandler+0x9e

fffff880`009bbd90 fffff800`03bf8e88 : 00000000`00000002 00000000`00001000 00000000`00000000 00000000`00000000 : hal!HalpMceHandlerWithRendezvous+0x55

fffff880`009bbdc0 fffff800`0367a1ac : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalHandleMcheck+0x40

fffff880`009bbdf0 fffff800`0367a013 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxMcheckAbort+0x6c

fffff880`009bbf30 fffff800`03672394 : fffff800`0391fcd9 fffff880`06c67b60 00000000`00000040 00000000`00000000 : nt!KiMcheckAbort+0x153

fffff880`06c67638 fffff800`0391fcd9 : fffff880`06c67b60 00000000`00000040 00000000`00000000 fffff880`00000004 : nt!memmove+0xb4

fffff880`06c67640 fffff800`0391f9df : fffffa80`0f971060 00000000`002b0000 fffffa80`0f462060 00000000`0949c968 : nt!MmCopyVirtualMemory+0x28d

fffff880`06c679f0 fffff800`0367ab53 : fffffa80`0f6c0060 00000000`08eae728 fffff880`06c67a88 00000000`000005e4 : nt!NtReadVirtualMemory+0xff

fffff880`06c67a70 00000000`772bdfaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13

00000000`08eae708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772bdfaa

 

 

STACK_COMMAND:  kb

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: hardware

 

IMAGE_NAME:  hardware

 

DEBUG_FLR_IMAGE_TIMESTAMP:  0

 

FAILURE_BUCKET_ID:  X64_0x124_GenuineIntel_PROCESSOR_MAE

 

BUCKET_ID:  X64_0x124_GenuineIntel_PROCESSOR_MAE

 

Followup: MachineOwner

 

[Marcos 5,070]

I don't think that ekrn can cause a hw failure To find out the actual culprit of BSOD, please compress the dump, upload it to a safe location and pm me the download link.

[Seyren 0]

Yea same thing is happening to me!! I uninstalled it and reinstalled NOD32 Antivirus from the web it stopped for a while but later it started again

[Marcos 5,070]

Yea same thing is happening to me!! I uninstalled it and reinstalled NOD32 Antivirus from the web it stopped for a while but later it started again

 

Please follow the advice above.

[Hegge 1]

I can confirm that i had the same problem. I have swapped and taken apart everything but can now replicate the BSOD by installing NOD32 and get rid of it by uninstalling NOD32. I will upload the dump as soon as i am finished putting everything back together and after having a tea to calm myself down.

[SwansonAssoc 0]

Hi,

Similar information with me.  I responded to:

https://forum.eset.com/topic/5217-eset-smart-security-causing-false-0x00000124-bsods/

--Thanks,

--Robert

[ronnie.barker 0]

I have been having BSODs since upgrading 3 days ago. It is the only thing that has changed. After reading this forum, I have uninstalled Nod32 Smart Security completely and so far, so good!

 

It feels like the issue may be in the part that shims the file system to achieve the real time protection. I am sure that some of my BSODs have coincided with dropbox file updates...

[Cyda 0]

I'm getting the exact same BSOD and I'm pretty sure NOD32 is the cause. I went back to a 2 week old backup image which I know is stable, the system continues to stay stable until NOD32 updates. after this, once you reboot, the BSOD happens about 10-30 secs after booting. I restored the backed multiple times and everytime is the same, if NOD32 is allowed to update then BSOD will happen on boot from the next reboot.

I've uninstalled NOD32 and the system is stable again. I'm PM you a link for the dump.

[Marcos 5,070]

Please collect logs using Log Collector as per the instructions here: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466. When done, drop me a pm with the output archive attached.

If possible, start Windows in safe mode and rename C:\Windows\System32\drivers\eamonm.sys and ehdrv.sys, one at time. Let me know if renaming either one makes the issue go away (you will get other errors in the protection status but disregard them during the test).

 

Those who haven't provided me with a memory dump, please do so. Cyda, you've supplied me with a minidump, however, we'd need a kernel or better a complete memory dump. For instructions how to configure the system to generate kernel or complete memory dumps, please refer to the KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN380. Upload the stuff to a safe location and pm me the download link.

Also check the folder C:\ProgramData\ESET\ESET NOD32 Antivirus\Diagnostics and if there are some dmp files, upload them as well.

[Cyda 0]

Sorry Marcos. I have switched to a 30 trial of Kaspersky, I have used NOD32 for 10 years but I do not have time to mess about and debug this, I need a working system. This has made me lose a lot of faith in NOD32.

 

Since uninstalling NOD32 and installing Kaspersky I have had ZERO BSOD. The problem is certainly NOD32.

[Marcos 5,070]

The fact that BSOD occurs with ESET installed doesn't necessarily mean that ESET is the culprit. We know of a handsome of Microsoft bugs that cause crash when properly designed ESET's drivers are loaded. Microsoft has already addressed several such issues. Let's refrain from making conclusions before the issue is thoroughly investigated by ESET's engineers and the actual culprit is found.

[ronnie.barker 0]

Whether ESET is the culprit or not, it doesn't help us, the little guy. I have had a day's lost productivity and it sounds like others have had more. Although I am sympathetic to ESET for having to deal with the possibility of a bug in the OS, at the end of the day, I am glad that I can hope to get back to productivity without some of the nightmare that others have expressed; I found this forum before rebuilding my PC! Lets just all do what we can now to get to the bottom of the issue and resolve it ASAP.

[Marcos 5,070]

Do you have software from Gigabyte installed?

[SwansonAssoc 0]

Hi Marcos,

I've just sent you my memory dump link (of course it is still uploading at the second...)  I do have a Gigabyte motherboard & supporting software / drivers.  Also, I tried the log collector, but it errors out and says "Maybe ekrn.exe is not running?".  Of course I can't run ESET currently.

--Thanks,

--Robert

[ronnie.barker 0]

I also have a Gigabyte motherboard with software & drivers...

[Cyda 0]

Yes, I have a gigabyte motherboard and use some of their software.

[grinr 0]

At around 1AM last night while I wasn't even using the PC (Windows7 x64, ASUS z97-pro, i7) I got a BSOD out of nowhere.  I haven't installed or upgraded anything (manually, aside from Windows Updates) in months. The error I got was the following:

 

Stop 0x00000101 "A clock interrupt was not received on a secondary processor within the allocated time interval"

So naturally I suspected a CPU/hardware fault.  I've spent all day trying to narrow this down, and only when discovering that I can run Prime95 for a few hours in safe mode without issue did I start to suspect it was a software problem.  I disabled ESET in the services and am currently running in normal mode (sans ESET) and so far no BSOD.

 

I'm thinking ESET NOD32 ran some kind of update recently and that borked the system.

Edited June 23, 2015 by grinr

[shard 0]

I had a BSOD report on a Gigabyte AMD system Saturday that had not had a blue screen in years. (NO Gigabyte software.)

Today a different Gigabyte Intel machine is unusable unless the ESET service is disabled.

 

This machine does have the Gigabyte software installed, but disabling every non-Microsoft service and startup app still results in BSOD with only the ESET Service enabled. Disabling only the ESET Service results in no BSOD.
 

You have a problem with YOUR software.

[kdagsjm 0]

I have this problem as well, I also have a gigabyte mobo, drivers and sw. Any new fixes or workarounds available?

[GiantMidget 0]

I had the same problem. After it updated i got an instant BSOD and thereafter i got one every time i boot into my desktop.

 

I had to boot into safe mode and manually uninstall Eset Smart Security with the .exe from the website. After that i can boot into windows again just fine and everything is good. I have been using this virus protection for years and have never had an issue like this before. I thought my computer was a goner.

 

I also have a gigabyte motherboard(z97-sli) and use the software it came with.

Edited June 23, 2015 by GiantMidget

[Marcos 5,070]

It seems that Gigabyte has an application called APP Center which is capable of updating drivers and BIOS automatically. Did you notice it performing an automatic update yesterday? If the application has logs, are there some recent records of driver or BIOS updates?

[GiantMidget 0]

It seems that Gigabyte has an application called APP Center which is capable of updating drivers and BIOS automatically. Did you notice it performing an automatic update yesterday? If the application has logs, are there some recent records of driver or BIOS updates?

 

Mine doesn't automatically update...i have to do it manually.(cant remember if i did something to stop auto updates). If i run the live update there are a few things i can update(have not done it yet). I have only updated once since i put the computer together 6 months ago.

Edited June 23, 2015 by GiantMidget

[grinr 0]

It seems that Gigabyte has an application called APP Center which is capable of updating drivers and BIOS automatically. Did you notice it performing an automatic update yesterday? If the application has logs, are there some recent records of driver or BIOS updates?

 

I have an ASUS board (z97-pro ac wifi) and I have the same issue.  Perhaps a z97 chipset issue?  I am 100% certain there was no update to my system drivers or BIOS for at least two weeks before the issue emerged.

[Marcos 5,070]

Could somebody else confirm that you have a motherboard with z97 chipset too? I wonder if that's the common denominator as it's been users with Gigabyte motherboards affected so far.

[Cyda 0]

My motherboard is a z87 chipset (Gigabyte Z87-HD3), I do have the APP center software installed but it is not set to auto update and there have been no updates applied. The only gigabyte software I actually run is their software for setting fans speeds, which runs as the process: AdjustService.exe.